Update the federated LDAP user registry
After creating and using the LDAP user registry in the default federated repository, we might find that the LDAP user registry is not working correctly. We can update the LDAP user registry and make the necessary changes. For example, we can change the LDAP bind password. In a stand-alone server environment, complete the following task when the servers are either stopped or started. In a clustered environment, start the deployment manager and node agent. Then, verify that they are able to synchronize.
The update federated LDAP user registry task does not modify the following attributes:
- Administrative users
- Entity types
- LDAP entity types
- LDAP group membership attributes
- LDAP group configuration
- LDAP context pool
There are separate tasks to update these attributes.
Use the wp_security_federated.properties helper file, located in the WP_PROFILE/ConfigEngine/config/helpers directory, to ensure that the correct properties are entered. In the following instructions, where a step refers to wkplc.properties, use the wp_security_federated.properties helper file.
- cd WP_PROFILE/ConfigEngine/properties
- Edit wkplc.properties
- Enter the following parameters in wkplc.properties under the Federated LDAP repository heading:
  - federated.ldap.id
  - federated.ldap.host
  - federated.ldap.baseDN
  - federated.ldap.ldapServerType
  - federated.ldap.port
  - federated.ldap.bindDN
  - federated.ldap.bindPassword
- Save the changes to wkplc.properties.
- Validate the LDAP server settings:
  - cd WP_PROFILE/ConfigEngine
  - ./ConfigEngine.sh validate-federated-ldap -DWasPassword=foo
  In an environment configured with an LDAP with SSL, we are prompted to add a signer to the truststore. The prompt is "Add signer to the truststore now?". To add the signer, press y and then Enter.
- Update the LDAP user registry in the default federated repository:
  ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=foo
- Stop and restart the appropriate servers to propagate the changes.
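
A pre-flight check that can be run before validate-federated-ldap, shown as an added example (not part of the original documentation or of the product's tooling): it confirms that the seven federated.ldap.* parameters listed above are set, that the port is numeric, and, as an assumed hardening check, that the file holding the bind password is not accessible to group or other. The function names and all sample values are constructed for illustration.

```shell
REQUIRED_KEYS="federated.ldap.id federated.ldap.host federated.ldap.baseDN federated.ldap.port
federated.ldap.ldapServerType federated.ldap.bindDN federated.ldap.bindPassword"

# Print the value of key $2 in properties file $1 (the last assignment wins).
prop_value() {
    # Skip comments; split on the first '=' only, because DN values contain '='.
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) } }
        END { print v }' "$1"
}

# Report problems found in file $1; the return status is the problem count.
check_federated_ldap_props() {
    file=$1; problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    for key in $REQUIRED_KEYS; do
        [ -n "$(prop_value "$file" "$key")" ] || { echo "missing or empty: $key"; problems=$((problems + 1)); }
    done
    port=$(prop_value "$file" federated.ldap.port)
    case $port in
        *[!0-9]*) echo "port is not numeric: $port"; problems=$((problems + 1)) ;;
    esac
    # Assumed hardening check: the file holds federated.ldap.bindPassword, so
    # flag any group/other permission bits (characters 5-10 of the ls mode).
    perms=$(ls -l "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $perms"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: the port has a typo and the bind password is empty.
write_sample_props() {
    cat > "$1" <<'EOF'
federated.ldap.id=example_ldap
federated.ldap.host=ldap.example.com
federated.ldap.baseDN=dc=example,dc=com
federated.ldap.ldapServerType=IDS
federated.ldap.port=38x9
federated.ldap.bindDN=uid=wpsbind,cn=users,dc=example,dc=com
federated.ldap.bindPassword=
EOF
    chmod 600 "$1"
}

sample=${TMPDIR:-/tmp}/wkplc.sample.$$; write_sample_props "$sample"
check_federated_ldap_props "$sample" || echo "problems found: $?"
rm -f "$sample"
```

To check the real file, call check_federated_ldap_props with the path to wkplc.properties; a non-zero return status is the number of problems reported.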